8. The Means of Cybersecurity: Access Control 215 8.4 Conclusion Access control is the means of cybersecurity because cybersecurity is primarily concerned with preventing unauthorized access to computer systems and data. Hackers strive to disclose and alter data and to deny access to authorized users. A prerequisite to many of their objectives is gaining unauthorized access. Hackers can do this by defeating and subverting access control mechanisms. The access control acronym AAA stands for authentication, authorization, and accounting. The goal of authentication is to make sure that users are who they say they are. The goal of authorization is to make sure that computer systems and data are only used in ways that are permitted. The goal of accounting is to record events so that it is possible to see who did what when. As we have seen in this chapter, there are many detailed aspects of each area. None of these three systems work perfectly—all of them have weaknesses. But having well designed access control mechanisms in each of the three areas is a vital component of a sound cybersecurity posture.
RkJQdWJsaXNoZXIy MTM4ODY=